WordPress Permissions: Fixing File and Folder Uploads Permissions

Mar 4, 2020

WordPress Permissions: Fixing File and Folder Uploads Permissions

Mar 4, 2020

Are you seeing an error when uploading a file on your site? Incorrect file and folder permissions on your WordPress site are the cause of this error.

Having the wrong set of permissions can result in different errors – white screen of death while loading a certain page, error message while trying to upload images to the media folder, etc. Apart from these, the wrong file or folder permission can also pose a security threat.

Hackers can use incorrect permissions to read, write and execute commands in your files and folders. This will enable them to gain complete control over your site.

Once they gain access to your site, hackers can launch hack attacks on other sites, send spam emails, redirect your visitors to malicious websites, etc. When search engines and web hosts detect malicious activities on your website, they will blacklist and suspend your site until it’s fixed.

WordPress file permissions play a vital role in securing your site. Setting permissions properly should be the first thing to do after installing WordPress.

In this article, we will show you exactly what steps you need to take to set up the right files and folders permissions for your WordPress sites.

What are WordPress File Uploads Permissions?

A WordPress website consists of many files and folders.

Almost all the components that make up your site such as themes, plugins, images, etc., are stored within these files and folders. Each file and folder is associated with a set of permissions. It dictates “who” can access “what” within a file or a folder.

By default, WordPress allows 3 types of users to access its files and folders. Those are –

    1. Owner/User – WordPress administrator.
    2. Group – A group denotes a set of users of your site who have roles such as editors, contributors, subscribers, etc.
    3. World – Anyone on the internet.

You can set the permission of your files in a way so that different users will have different types of access. For instance, in Folder A –

    • The owner can read, write and execute codes.
    • A group can only read and write on the folder.
    • And the world can only read the folder.

As you can see from the example above there are 3 types of file permission. Those are –

    1. Read – The ability to only view the file’s contents.
    2. Write – The ability to modify the content of the file
    3. Execute – The ability to run codes in the file.

Using the right permission modes plays a vital role when it comes to WordPress security. For instance, a file like wp-config.php should have its permissions set to read-only. Supposing this is changed to read and write for all users, then anyone can view and modify the contents of your configuration file (i.e. wp-config.php). This means a hacker can easily break or compromise your site.

In the next section, we’ll suggest file permissions for the most important files and folders on your site. And we’ll also show you how you can set those permissions.

Fix WordPress Permissions (With cPanel & FTP)

There are 2 ways of setting the permissions in WordPress – via cPanel and FTP. We’ll show you both the methods. Kindly follow the steps below –

Setting File Permission Using cPanel

Step 1 – Identify Files & Folders

A WordPress website will consist of quite a lot of folders but the most important ones are:

    • wp-includes
    • wp-admin
    • wp-content
        • wp-content/themes
        • wp-content/plugins
        • wp-content/uploads
    • wp-config.php
    • .htaccess


public_html folder content


Note: You can learn why the folders are important and what they contain from this article – Structure of a WordPress Website.

Step 2 – Take a Complete Backup of Your Site

Making changes to file settings is risky. Small mistakes can break your site or cause it to malfunction. We advise you to take a complete backup of your site before changing file permissions for WordPress. You can get a reliable backup with BlogVault. It also offers a reliable way to restore your backups.

Step 3 – Modify Permissions

1. You can access the cPanel from your hosting provider. Log into your hosting account and select cPanel.

2. From your cPanel, click on File Manager.

3. Next, go to the public_html folder, you’ll find the folders we mentioned in the previous section (i.e. wp-content, wp-includes, & wp-admin).

5. Now select the wp-includes folder, and right-click. A drop-down appears. From there select Change Permissions.

6. At this point, a pop-up appears from where you can select the types of permission for all 3 users.


change permissions file manager


You’ll notice that for the folder wp-includes, the User has all permission granted to them. But the group and world can only read or view the folder.

File Permission Number – What is it & Why it’s Important

If you look closely you’ll also notice the number 744. To understand what permission the other folders need to have, you’ll need to understand how the number is generated.


file permission WP site


The permission number is associated with the types of permission.

    • Read is associated with 4
    • Write with 2
    • Execute with 1


file permission modes


    • If a user is allowed to read, write and execute, then the user is allotted a sum of all the permissions – 7
        • (Read + Write + Execute = 4 + 2 + 1 = 7)
    • If a user is allowed to read and write then the user is allotted a sum of the permissions – 6
        • (Read + Write = 4 + 2 = 6)
    • If a user is allowed to write and execute, then the user is allotted a sum of the permissions – 3
        • (Write + Execute = 2 + 1 = 3)
  • Coming back to the permission allotted to the wp-excludes folder – 744, the image below will illustrate how that was calculated –


    change permission explained


    Going by this logic, we suggest your set the permission of WordPress folders –

      • wp-admin: 744
      • wp-content: 744
          • wp-content/themes: 744
          • wp-content/plugins: 744
          • wp-content/uploads: 744
      • wp-config.php: 764
      • .htaccess: 764

    Let’s take a quick look at the what kind of permissions you’ll be allotting to the folders mentioned above –

    wp-admin & wp-content

    Allotting 744 to this folder. The User will have the right to read, write and execute. Group and world can only view the folder.

    wp-admin & wp-content folders are extremely important and shouldn’t be messed with. Hence, the group and world can only see the content of the folder but cannot make any modifications.

    Rest of the folders

    Allotting 764 to the rest of the folder. This means the User will have full permission over the folder. The Group will have permission to read and write on the folders.

    If you remember, we mentioned earlier that a Group is a collection of users (editors, contributors, subscribers, etc). There are times when these users may need to make modifications on files like .htaccess and wp-config.php to take actions like enable or disable automatic WordPress updates, ban IP addresses, etc.

    Setting File Permissions Using FTP

    1. Download and install Filezilla (one of the best FTP clients) on your computer.

    2. Open Filezilla and enter your FTP credentials in the input files on the top (see image below). If you want to learn what an FTP is, follow this guide – Working with FTP. And to find your FTP credentials, watch these videos.

    Don’t forget to click on Quickconnect after entering your FTP.


    filezilla login


    3. After Filezilla has made a connection with your web server, all your WordPress files and folder will be visible in Filezilla.

    Navigate to the section Remote site and select the public_html folder.


    public html filezilla


    4. Right below the Remote site section, there’s another section called Filename. Here, you’ll find the content of the root folder, i.e. public_html folder. Look for wp-includes. When you find the folder, right-click on it and select File Permissions.

    5. At this point, a pop-up appears from where you can change default permission.


    file permissions in filezilla


    In the previous section, we’ve spoken extensively about what type of permissions you should allow to which users. Check it out.


    change file attributes filezilla


    That’s it, folks. Your WordPress permissions set correctly.

    Final Thoughts

    If you’ve followed this guide, we’re confident you’ve set the right permissions for the files and folders of your website.

    Having the right security file permissions ensures your site is more secure from hackers.

    We sincerely hope that the article was helpful and that you managed to set correct file permissions.

    Before ending this article, we’d like to emphasize the importance of WordPress site backup before making any changes to your website. A single mistake can end up breaking your site.

    In situations like this, a backup will enable you to restore your site back to normal. You can use our a backup plugin to take a complete backup of your site. With BlogVault you can easily restore your site within a few minutes.

    reiterate the importance of backups. Misfortunes can happen to anyone which is why it’s advisable that you take WordPress backups. If something does go wrong, you can always restore your site back to normal.

    Try BlogVault Backup Services Right Now!

    wordpress permissions
    Newest Most Voted
    Inline Feedbacks
    View all comments
    Eric Burlet
    Eric Burlet
    5 years ago

    Hello, nice article. Just a question, you give two different informations for wp-config.php file, is it 600 or 660 ? Thank you

    Eric Burlet
    Eric Burlet
    5 years ago

    OK, I answer my own question, it is 600, as it is said in the codex.

    Share via
    Copy link
    Powered by Social Snap